Allowed devices should be an array

opf · Mar 19, 2024 · 40501bd · 40501bd
1 parent 3cb6c4d
commit 40501bd
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/modules/two_factor_authentication/app/models/two_factor_authentication/device/webauthn.rb b/modules/two_factor_authentication/app/models/two_factor_authentication/device/webauthn.rb
@@ -22,14 +22,14 @@ def options_for_create(relying_party)
       @options_for_create ||= relying_party.options_for_registration(
         user: { id: user.webauthn_id, name: user.name },
         exclude: TwoFactorAuthentication::Device::Webauthn.where(user:).pluck(:webauthn_external_id),
-        authenticator_selection: { user_verification: 'discouraged' }
+        authenticator_selection: { user_verification: "discouraged" }
       )
     end
 
     def options_for_get(relying_party)
       @options_for_get ||= relying_party.options_for_authentication(
-        user_verification: 'discouraged', # we do not require user verification
-        allow: webauthn_external_id # TODO: Maybe also allow all other tokens? Let's see
+        user_verification: "discouraged", # we do not require user verification
+        allow: [webauthn_external_id] # TODO: Maybe also allow all other tokens? Let's see
       )
     end